科目一及安全文明驾驶系统找注册码
本帖最后由 bailei 于 2013-12-22 10:56 编辑
这个只是教程,第一次发这样的帖子。软件会打包,但不是破解版。
自己动手 丰衣足食新手教程 大牛飘过~
软件下载地址: http://url.cn/Ne0BCV
查壳
把程序丢入OD--运行--跟随0040100--搜索字符串
; Fragment the string search lands in (OllyDbg dump, 32-bit x86): the tail of
; the registration handler's cleanup followed by its two MessageBoxA calls.
; The bracketed memory operands were lost when the page was extracted; the
; opcode bytes still carry them (8B45 F4 = mov eax,[ebp-0xC],
; 8B45 FC = mov eax,[ebp-4], 64:8910 = mov fs:[eax],edx).
004CDEC3 .59 pop ecx ;0012F4B8
004CDEC4 .64:8910 mov dword ptr fs:,edx
; 004CDEED (the success box below) is pushed before the cleanup calls, so the
; retn at 004CDEE5 presumably continues there - this has the shape of a
; compiler-generated try/finally exit; confirm against the full function.
004CDEC7 .68 EDDE4C00 push jdcks.004CDEED ;j@h爝L
004CDECC >8B45 F4 mov eax,dword ptr ss:
004CDECF .E8 FC59F3FF call jdcks.004038D0
004CDED4 .A1 A0294D00 mov eax,dword ptr ds:
004CDED9 .8B00 mov eax,dword ptr ds:
004CDEDB .BA 94DF4C00 mov edx,jdcks.004CDF94 ;FirstSession
004CDEE0 .E8 0FF9FCFF call jdcks.0049D7F4
004CDEE5 .C3 retn
; Two back-jumps: one into jdcks.00404064, one to the cleanup at 004CDECC.
004CDEE6 .^ E9 7961F3FF jmp jdcks.00404064
004CDEEB .^ EB DF jmp short jdcks.004CDECC
; Success path: MessageBoxA with style 0x40 (MB_ICONINFORMATION), caption
; "Notice", text "Registration successful, thank you for using this system!".
004CDEED .6A 40 push 0x40
004CDEEF .68 ECDF4C00 push jdcks.004CDFEC ;提示
004CDEF4 .68 F4DF4C00 push jdcks.004CDFF4 ;注册成功,谢谢您使用本系统!
004CDEF9 .8B45 FC mov eax,dword ptr ss:
; jdcks.00447838 returns the value pushed as hOwner - presumably the form's
; window handle.
004CDEFC .E8 3799F7FF call jdcks.00447838
004CDF01 .50 push eax ; |hOwner = 0053AF10
004CDF02 .E8 B596F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004CDF07 .8B45 FC mov eax,dword ptr ss:
004CDF0A .E8 FDFBF8FF call jdcks.0045DB0C
; Skip over the failure box to the common exit at 004CDF2B.
004CDF0F EB 1A jmp short jdcks.004CDF2B
; Failure path: MessageBoxA with style 0x30 (MB_ICONWARNING), same caption,
; text "Sorry, the registration code is incorrect".
004CDF11 6A 30 push 0x30
004CDF13 .68 ECDF4C00 push jdcks.004CDFEC ;提示
004CDF18 .68 10E04C00 push jdcks.004CE010 ;对不起,注册码不对
004CDF1D .8B45 FC mov eax,dword ptr ss:
004CDF20 .E8 1399F7FF call jdcks.00447838
004CDF25 .50 push eax ; |hOwner = 0053AF10
004CDF26 .E8 9196F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
; Common exit shared by both paths: eax is zeroed, then three pops; the rest
; of the epilogue is outside this fragment.
004CDF2B >33C0 xor eax,eax
004CDF2D .5A pop edx ;0012F4B8
004CDF2E .59 pop ecx ;0012F4B8
004CDF2F .59 pop ecx ;0012F4B8
找到这段代码的开头下断点
; End of the preceding routine followed by the entry of the registration
; handler (OllyDbg dump, 32-bit x86). Bracketed memory operands were lost in
; extraction; the opcode bytes still encode them.
; Tail of the previous routine: restores ebp and returns, dropping 0xC bytes
; of arguments.
004CDD1D|.5D pop ebp ;0012F4B8
004CDD1E\.C2 0C00 retn 0xC
; 8D40 00 is lea eax,[eax+0] - it changes nothing; presumably alignment filler.
004CDD21 8D40 00 lea eax,dword ptr ds:
; Handler entry: standard ebp frame. The trailing note on the next line is the
; post author's ("start of the code, set a breakpoint with F2").
004CDD24 .55 push ebp ;代码开头 下断点 F2
004CDD25 .8BEC mov ebp,esp
; ecx = 8 passes of two zero pushes = 16 zeroed dwords reserved for locals.
004CDD27 .B9 08000000 mov ecx,0x8
004CDD2C >6A 00 push 0x0
004CDD2E .6A 00 push 0x0
004CDD30 .49 dec ecx
004CDD31 ^ 75 F9 jnz short jdcks.004CDD2C
; ecx is 0 here, so this adds a 17th zeroed slot (locals reach down to ebp-0x44).
004CDD33 .51 push ecx
; 8945 FC = mov [ebp-4],eax: keeps the incoming eax in the first local.
; NOTE(review): presumably the form object pointer ("Self") - confirm.
004CDD34 .8945 FC mov dword ptr ss:,eax
; xor eax,eax / push ebp / push handler / push fs:[eax] is the usual sequence
; for linking an exception frame into the fs:[0] chain; the handler address is
; 004CDF6E. The store that completes the link is outside this fragment.
004CDD37 .33C0 xor eax,eax
004CDD39 .55 push ebp
004CDD3A .68 6EDF4C00 push jdcks.004CDF6E
004CDD3F .64:FF30 push dword ptr fs:
在程序中注册一次,断下来
F8单步走
; Local-variable setup loop of the handler prologue. ecx was loaded with 8 at
; 004CDD27, and each pass pushes two zero dwords, so the loop reserves 16
; zeroed stack slots. The later [ebp-..] accesses in this function use those
; slots, so the frame is only laid out correctly once the loop has run to
; completion.
004CDD2C > /6A 00 push 0x0
004CDD2E . |6A 00 push 0x0
004CDD30 . |49 dec ecx
004CDD31 ^\75 F9 jnz short jdcks.004CDD2C
; ecx is 0 after the loop: one more zeroed slot.
004CDD33 .51 push ecx
这一段是循环直接跳到下一步走(在 004CDD33 右键-此处为新EIP)
; Body of the registration handler (OllyDbg dump of jdcks, 32-bit x86), from
; the code comparison to the two result message boxes. The bracketed memory
; operands were lost when the page was extracted; the opcode bytes still
; encode them (8B45 F4 = mov eax,[ebp-0xC], 8B45 FC = mov eax,[ebp-4]).
;
; NOTE(review): what this listing shows a developer - the licence decision is
; a single flag test inside the client binary (004CDD88), and the accepted
; code is then stored with string-built SQL (004CDE68..004CDEAC). Neither is
; a security boundary. The usual fixes are a licence that is signed and
; verified with a public key (or checked server-side) and a parameterised
; query.
;
; eax = field at offset 0x320 of the object in eax (8B80 20030000), passed to
; jdcks.00404A38; the flags it leaves decide the branch. Presumably 00404A38
; is a string comparison of the entered code against the expected one -
; confirm. The post author marks the jnz as the "key jump": when taken it
; goes to the failure box at 004CDF11.
004CDD7D .8B80 20030000 mov eax,dword ptr ds:
004CDD83 .E8 B06CF3FF call jdcks.00404A38
004CDD88 0F85 83010000 jnz jdcks.004CDF11 ;关键跳
; From here on is the "codes matched" path. A value is fetched into [ebp-0x2C]
; by jdcks.00461758 and converted into [ebp-8] by jdcks.00409108.
; NOTE(review): looks like the executable path reduced to its directory,
; judging by the "Data\" suffix appended next - confirm.
004CDD8E .8D55 D4 lea edx,dword ptr ss:
004CDD91 .A1 1C2D4D00 mov eax,dword ptr ds: ;,<M
004CDD96 .8B00 mov eax,dword ptr ds:
004CDD98 .E8 BB39F9FF call jdcks.00461758
004CDD9D .8B45 D4 mov eax,dword ptr ss:
004CDDA0 .8D55 F8 lea edx,dword ptr ss:
004CDDA3 .E8 60B3F3FF call jdcks.00409108
; [ebp-8] and the literal "Data\" go to jdcks.00404940 (presumably a string
; concatenation) and the result is handed to jdcks.0049EEB4 on a global
; object.
004CDDA8 .8D45 D0 lea eax,dword ptr ss:
004CDDAB .B9 84DF4C00 mov ecx,jdcks.004CDF84 ;Data\
004CDDB0 .8B55 F8 mov edx,dword ptr ss:
004CDDB3 .E8 886BF3FF call jdcks.00404940
004CDDB8 .8B55 D0 mov edx,dword ptr ss: ;ntdll.771156F7
004CDDBB .A1 A0294D00 mov eax,dword ptr ds:
004CDDC0 .8B00 mov eax,dword ptr ds:
004CDDC2 .E8 ED10FDFF call jdcks.0049EEB4
; Same pair of inputs again, this time passed to jdcks.0049EF44.
004CDDC7 .8D45 CC lea eax,dword ptr ss:
004CDDCA .B9 84DF4C00 mov ecx,jdcks.004CDF84 ;Data\
004CDDCF .8B55 F8 mov edx,dword ptr ss:
004CDDD2 .E8 696BF3FF call jdcks.00404940
004CDDD7 .8B55 CC mov edx,dword ptr ss:
004CDDDA .A1 A0294D00 mov eax,dword ptr ds:
004CDDDF .8B00 mov eax,dword ptr ds:
004CDDE1 .E8 5E11FDFF call jdcks.0049EF44
; The literals "FirstSession" and "Paradox" suggest a local Paradox database
; session being set up - inferred from the strings only.
004CDDE6 .A1 A0294D00 mov eax,dword ptr ds:
004CDDEB .8B00 mov eax,dword ptr ds:
004CDDED .BA 94DF4C00 mov edx,jdcks.004CDF94 ;FirstSession
004CDDF2 .E8 FDF9FCFF call jdcks.0049D7F4
004CDDF7 .68 ACDF4C00 push jdcks.004CDFAC ;Paradox
004CDDFC .8D45 C8 lea eax,dword ptr ss:
004CDDFF .B9 84DF4C00 mov ecx,jdcks.004CDF84 ;Data\
004CDE04 .8B55 F8 mov edx,dword ptr ss:
004CDE07 .E8 346BF3FF call jdcks.00404940
004CDE0C .8B4D C8 mov ecx,dword ptr ss:
004CDE0F .A1 A0294D00 mov eax,dword ptr ds:
004CDE14 .8B00 mov eax,dword ptr ds:
004CDE16 .BA 94DF4C00 mov edx,jdcks.004CDF94 ;FirstSession
004CDE1B .E8 8CF4FCFF call jdcks.0049D2AC
; jdcks.004A4E5C is called with dl = 1 and its result is kept in [ebp-0xC].
; NOTE(review): this has the shape of an object constructor call (presumably
; a query object) - confirm.
004CDE20 .8B0D 1C2D4D00 mov ecx,dword ptr ds: ;,<M
004CDE26 .8B09 mov ecx,dword ptr ds: ;jdcks.00448350
004CDE28 .B2 01 mov dl,0x1
004CDE2A .A1 1CB54900 mov eax,dword ptr ds:
004CDE2F .E8 2870FDFF call jdcks.004A4E5C
004CDE34 .8945 F4 mov dword ptr ss:,eax
; Exception frame linked into the fs:[0] chain (eax is zeroed first), with
; the handler at 004CDEE6, so the cleanup below also runs if a call in
; between raises.
004CDE37 .33C0 xor eax,eax
004CDE39 .55 push ebp
004CDE3A .68 E6DE4C00 push jdcks.004CDEE6
004CDE3F .64:FF30 push dword ptr fs:
004CDE42 .64:8920 mov dword ptr fs:,esp
004CDE45 .BA 94DF4C00 mov edx,jdcks.004CDF94 ;FirstSession
004CDE4A .8B45 F4 mov eax,dword ptr ss:
004CDE4D .E8 4A68FDFF call jdcks.004A469C
004CDE52 .8B45 F4 mov eax,dword ptr ss:
004CDE55 .E8 0E08FCFF call jdcks.0048E668
; Virtual call through slot 0x44 on the member object at offset 0x248 of
; [ebp-0xC], made before the statement text is built.
004CDE5A .8B45 F4 mov eax,dword ptr ss:
004CDE5D .8B80 48020000 mov eax,dword ptr ds:
004CDE63 .8B10 mov edx,dword ptr ds:
004CDE65 .FF52 44 call dword ptr ds:
; Three pieces are pushed: the literal "Update M_PublicName set RegCode='",
; a value derived from the field at offset 0x314 of the form object (via
; jdcks.00441168 and jdcks.00408C4C), and a closing "'". jdcks.004049B4 is
; then called with edx = 3, presumably a three-part string concatenation.
; NOTE(review): the value is pasted between the quotes unescaped. If it is
; the text typed into the registration box (looks like it - confirm), a quote
; character in it changes the statement; bind it as a query parameter
; instead. On this path the value has already passed the comparison above.
004CDE68 .68 BCDF4C00 push jdcks.004CDFBC ;Update M_PublicName set RegCode='
004CDE6D .8D55 BC lea edx,dword ptr ss:
004CDE70 .8B45 FC mov eax,dword ptr ss:
004CDE73 .8B80 14030000 mov eax,dword ptr ds:
004CDE79 .E8 EA32F7FF call jdcks.00441168
004CDE7E .8B45 BC mov eax,dword ptr ss: ;ntdll.771156EC
004CDE81 .8D55 C0 lea edx,dword ptr ss:
004CDE84 .E8 C3ADF3FF call jdcks.00408C4C
004CDE89 .FF75 C0 push dword ptr ss:
004CDE8C .68 E8DF4C00 push jdcks.004CDFE8 ;'
004CDE91 .8D45 C4 lea eax,dword ptr ss:
004CDE94 .BA 03000000 mov edx,0x3
004CDE99 .E8 166BF3FF call jdcks.004049B4
; The built string ([ebp-0x3C]) goes in edx to a second virtual call (slot
; 0x38) on the same member object; jdcks.004A56FC then runs on [ebp-0xC].
; NOTE(review): presumably "set statement text" followed by "execute".
004CDE9E .8B55 C4 mov edx,dword ptr ss:
004CDEA1 .8B45 F4 mov eax,dword ptr ss:
004CDEA4 .8B80 48020000 mov eax,dword ptr ds:
004CDEAA .8B08 mov ecx,dword ptr ds:
004CDEAC .FF51 38 call dword ptr ds: ;jdcks.004482CC
004CDEAF .8B45 F4 mov eax,dword ptr ss:
004CDEB2 .E8 4578FDFF call jdcks.004A56FC
004CDEB7 .8B45 F4 mov eax,dword ptr ss:
004CDEBA .E8 A907FCFF call jdcks.0048E668
; Normal exit from the protected region: the exception frame is unlinked
; (64:8910 = mov fs:[eax],edx with eax = 0).
004CDEBF .33C0 xor eax,eax
004CDEC1 .5A pop edx ;jdcks.0044272A
004CDEC2 .59 pop ecx ;jdcks.0044272A
004CDEC3 .59 pop ecx ;jdcks.0044272A
004CDEC4 .64:8910 mov dword ptr fs:,edx
; 004CDEED (the success box) is pushed as the address the retn at 004CDEE5
; continues at once the cleanup has run - presumably a compiler-generated
; try/finally exit.
004CDEC7 .68 EDDE4C00 push jdcks.004CDEED ;j@h爝L
; Cleanup: jdcks.004038D0 on the object in [ebp-0xC] (presumably releases
; it), then jdcks.0049D7F4 with "FirstSession".
004CDECC >8B45 F4 mov eax,dword ptr ss:
004CDECF .E8 FC59F3FF call jdcks.004038D0
004CDED4 .A1 A0294D00 mov eax,dword ptr ds:
004CDED9 .8B00 mov eax,dword ptr ds:
004CDEDB .BA 94DF4C00 mov edx,jdcks.004CDF94 ;FirstSession
004CDEE0 .E8 0FF9FCFF call jdcks.0049D7F4
004CDEE5 .C3 retn
; 004CDEE6 is the handler address registered at 004CDE3A; it jumps into
; jdcks.00404064, and the second jump re-enters the cleanup at 004CDECC.
004CDEE6 .^ E9 7961F3FF jmp jdcks.00404064
004CDEEB .^ EB DF jmp short jdcks.004CDECC
; Success path: MessageBoxA with style 0x40 (MB_ICONINFORMATION), caption
; "Notice", text "Registration successful, thank you for using this system!".
004CDEED .6A 40 push 0x40
004CDEEF .68 ECDF4C00 push jdcks.004CDFEC ;提示
004CDEF4 .68 F4DF4C00 push jdcks.004CDFF4 ;注册成功,谢谢您使用本系统!
004CDEF9 .8B45 FC mov eax,dword ptr ss:
004CDEFC .E8 3799F7FF call jdcks.00447838
004CDF01 .50 push eax ; |hOwner = 000000F4 (class='tooltips_class32')
004CDF02 .E8 B596F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
004CDF07 .8B45 FC mov eax,dword ptr ss:
004CDF0A .E8 FDFBF8FF call jdcks.0045DB0C
; Skip the failure box and join the common exit.
004CDF0F EB 1A jmp short jdcks.004CDF2B
; Failure path (target of the jnz at 004CDD88): MessageBoxA with style 0x30
; (MB_ICONWARNING), same caption, text "Sorry, the registration code is
; incorrect".
004CDF11 6A 30 push 0x30
004CDF13 .68 ECDF4C00 push jdcks.004CDFEC ;提示
004CDF18 .68 10E04C00 push jdcks.004CE010 ;对不起,注册码不对
004CDF1D .8B45 FC mov eax,dword ptr ss:
004CDF20 .E8 1399F7FF call jdcks.00447838
004CDF25 .50 push eax ; |hOwner = 000000F4 (class='tooltips_class32')
004CDF26 .E8 9196F3FF call <jmp.&user32.MessageBoxA> ; \MessageBoxA
; Common exit for both paths; the rest of the epilogue is outside this
; listing.
004CDF2B >33C0 xor eax,eax
按道理把关键跳nop是可以达到爆破效果!
0012F8EC|0130C950ASCII " TMA55BZJ2ZEAPP"
0012F8F0|0130C974ASCII "000B2F19D3E0 TMA55BZJ2ZEAPP"
0012F8F4|0130C9BCASCII "1789909449"这个是用户名
0012F8F8|0130C9D4ASCII "1744175328"这个是注册码
0012F8FC|0130CC14ASCII "7a0c75c75105ca26a2a0b70cdd714a21"
0012F900|C7750C7A
沙发给力支持下楼主
小人物大智慧 发表于 2013-12-22 10:52
沙发给力支持下楼主
亲 你的速度真快。。。
支持楼主!!!!!!!!!!! 不太看得懂啊。。。 这个软件考驾照的需要仔细学习